1001 matches found
PT-2026-6595
Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4 Description Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...
EUVD-2026-5276
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2026-1730
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...
podinfo 安全漏洞
Podinfo is a Kubernetes microservice template developed by Stefan Prodan. Versions of Podinfo 6.9.0 and earlier contain security vulnerabilities. These vulnerabilities stem from unvalidated attackers being able to upload arbitrary files through specially crafted POST requests. Additionally, the...
CVE-2020-37054
Navigate CMS 2.8.7 is affected by a cross-site request forgery vulnerability that lets attackers upload malicious extensions via a crafted HTML page. By abusing the extension upload functionality without additional validation, an authenticated administrator can be tricked into performing arbitrar...
CVE-2026-1400
The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...
CVE-2026-1400
The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...
WordPress Plugin AI Engine – The Chatbot and AI Framework for WordPress Code Issues and Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
Books_Manager code issue vulnerabilities
BooksManager is a book management system developed by iJason-Liu. There are code issues and vulnerabilities in BooksManager, which stem from incorrect handling of the parameter “bookcover” in the file controllers/bookscenter/uploadbookCover.php. This could lead to arbitrary file uploads...
CVE-2026-0911
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the actionimportmodule function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, wi...
CVE-2025-13374
The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
MPay code-related vulnerabilities
MPay is a convenient payment collection tool developed by Technic Laohu in China. Versions of MPay 1.2.4 and earlier have code vulnerabilities, which stem from incorrect handling of the parameter “codeimg”. This vulnerability may lead to arbitrary file uploads...
CVE-2012-10064
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
WordPress plugin Supreme Modules Lite 代码问题漏洞
WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...
PHPGurukul News Portal Project 安全漏洞
PHPGurukul News Portal Project is a news portal project by PHPGurukul Inc. A security vulnerability exists in PHPGurukul News Portal Project version V4.1, which stems from a file upload vulnerability in the upload.php file, which could lead to arbitrary file uploads...
CVE-2023-4861
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution...
CVE-2018-18888
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed...
BiggiDroid Simple PHP CMS 安全漏洞
BiggiDroid Simple PHP CMS is a BiggiDroid open source content management system. A security vulnerability exists in BiggiDroid Simple PHP CMS version 1.0, which stems from the incorrect manipulation of the parameter image in the file /admin/editsite.php, which could lead to arbitrary file uploads...
CVE-2019-12185
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...
CVE-2025-1304
The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...